Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/d4d12a-ab4e-4dba-95de-bc637130de6e/1/Ix0TT5IrmKD226rBGnrwxJKMQZE.roa
File:                     Ix0TT5IrmKD226rBGnrwxJKMQZE.roa (raw, json)
Hash identifier:          kT8aM1b7+8tvbyvrC/BU4Ml9NWdK/DRuTi32q1ndZgU=
Subject key identifier:   23:1D:13:4F:92:2B:98:A0:F6:DB:AA:C1:1A:7A:F0:C4:92:8C:41:91
Certificate issuer:       /CN=7fb43de237fd0b6a287389230921d25a2c2ed1a8
Certificate serial:       019B7C802A540BE5FA9187A42AC2EE055AB1
Authority key identifier: 7F:B4:3D:E2:37:FD:0B:6A:28:73:89:23:09:21:D2:5A:2C:2E:D1:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f7Q94jf9C2ooc4kjCSHSWiwu0ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/d4d12a-ab4e-4dba-95de-bc637130de6e/1/Ix0TT5IrmKD226rBGnrwxJKMQZE.roa
Signing time:             Fri 02 Jan 2026 02:18:52 +0000
ROA not before:           Fri 02 Jan 2026 02:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200924
IP address blocks:        2001:678:66c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/d4d12a-ab4e-4dba-95de-bc637130de6e/1/f7Q94jf9C2ooc4kjCSHSWiwu0ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/d4d12a-ab4e-4dba-95de-bc637130de6e/1/f7Q94jf9C2ooc4kjCSHSWiwu0ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f7Q94jf9C2ooc4kjCSHSWiwu0ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:2a:54:0b:e5:fa:91:87:a4:2a:c2:ee:05:5a:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fb43de237fd0b6a287389230921d25a2c2ed1a8
        Validity
            Not Before: Jan  2 02:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=231d134f922b98a0f6dbaac11a7af0c4928c4191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:22:e5:71:9e:37:76:d7:41:81:0b:b6:8c:0f:
                    28:bb:1c:12:14:5f:e8:2f:06:f7:c5:32:f8:f6:46:
                    61:35:d0:89:90:0b:16:3c:7e:cb:63:20:c6:e7:04:
                    f8:28:44:20:6a:e0:0e:d7:0e:d5:b6:41:2a:26:5f:
                    54:ee:6a:9a:d7:27:85:4f:ef:11:67:5a:83:66:40:
                    de:a8:3d:92:4b:05:dc:98:44:d6:e8:07:ff:d1:64:
                    f5:36:74:0e:65:08:05:98:ba:be:53:33:80:05:b6:
                    b6:bd:73:bd:99:21:20:af:03:8c:b6:b4:b4:bd:5a:
                    f5:32:a2:57:66:91:50:02:93:0d:fe:c9:76:de:76:
                    17:a0:db:28:36:ad:4e:e0:33:7a:1f:0d:b2:30:47:
                    ac:d7:0f:aa:82:68:fe:34:78:7e:14:47:b9:4a:c1:
                    a0:a6:d5:7a:2d:3c:db:c9:ac:81:0b:93:11:c7:98:
                    d7:6a:27:84:c3:dd:5b:ba:f2:5c:81:b2:47:e1:70:
                    5e:1d:55:b7:4c:34:89:50:80:3d:cf:f4:df:27:69:
                    97:78:23:40:3d:e8:a2:ee:c6:a5:b8:82:69:42:4e:
                    69:46:0c:e3:25:cc:ab:35:75:02:33:c4:ca:dd:54:
                    b9:67:4d:ce:52:03:a9:f0:5f:fc:d7:06:dc:b6:c5:
                    e5:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:1D:13:4F:92:2B:98:A0:F6:DB:AA:C1:1A:7A:F0:C4:92:8C:41:91
            X509v3 Authority Key Identifier:
                keyid:7F:B4:3D:E2:37:FD:0B:6A:28:73:89:23:09:21:D2:5A:2C:2E:D1:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7Q94jf9C2ooc4kjCSHSWiwu0ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/d4d12a-ab4e-4dba-95de-bc637130de6e/1/Ix0TT5IrmKD226rBGnrwxJKMQZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/d4d12a-ab4e-4dba-95de-bc637130de6e/1/f7Q94jf9C2ooc4kjCSHSWiwu0ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:66c::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:48:56:2d:d4:d8:a5:be:c9:74:a8:1a:88:3e:23:db:e9:ee:
         1c:4a:2d:5b:23:90:a3:8a:8b:28:c3:e5:43:1a:44:01:33:e4:
         1e:fb:1a:c6:e6:d9:e9:6f:c6:29:bc:c8:6f:b5:32:c9:83:69:
         6e:e5:79:6c:bc:c5:2c:43:9f:42:a6:85:c7:f2:9d:08:e7:da:
         5a:aa:78:91:6f:45:e4:00:46:98:b8:7f:db:fd:8c:bb:e2:78:
         1f:a4:d5:17:76:f6:f5:40:57:8b:c6:24:d1:50:c6:a8:4d:10:
         cb:cf:50:27:8c:ad:9c:f3:47:81:d8:78:ba:b4:6b:b3:e1:a7:
         ce:7f:52:71:1e:16:f6:d0:00:92:35:d3:69:ed:eb:9d:7b:9e:
         5b:0e:23:e4:32:dc:4f:3a:ff:f6:90:40:19:0c:f7:2a:e0:01:
         e7:92:7c:d2:37:a2:71:d7:1c:b8:bb:f6:b1:b0:02:5e:f8:0f:
         bf:41:65:e9:8c:f7:78:9c:60:99:73:fc:f5:d0:84:75:73:3a:
         5e:29:fb:fc:6c:f8:e5:76:e9:19:b3:84:57:09:e4:fd:fa:32:
         7b:11:7d:d9:d9:97:3e:e7:78:b1:79:46:1d:2d:ad:72:91:6b:
         4c:4a:7f:32:ef:78:ee:cf:79:f8:d5:a6:e5:0f:77:57:c6:1e:
         2a:f4:3e:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8gCpUC+X6kYekKsLuBVqxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmYjQzZGUyMzdmZDBiNmEyODczODkyMzA5MjFkMjVhMmMy
ZWQxYTgwHhcNMjYwMTAyMDIxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzFkMTM0ZjkyMmI5OGEwZjZkYmFhYzExYTdhZjBjNDkyOGM0MTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CLlcZ43dtdBgQu2jA8ouxwSFF/o
Lwb3xTL49kZhNdCJkAsWPH7LYyDG5wT4KEQgauAO1w7VtkEqJl9U7mqa1yeFT+8R
Z1qDZkDeqD2SSwXcmETW6Af/0WT1NnQOZQgFmLq+UzOABba2vXO9mSEgrwOMtrS0
vVr1MqJXZpFQApMN/sl23nYXoNsoNq1O4DN6Hw2yMEes1w+qgmj+NHh+FEe5SsGg
ptV6LTzbyayBC5MRx5jXaieEw91buvJcgbJH4XBeHVW3TDSJUIA9z/TfJ2mXeCNA
Peii7saluIJpQk5pRgzjJcyrNXUCM8TK3VS5Z03OUgOp8F/81wbctsXlsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCMdE0+SK5ig9tuqwRp68MSSjEGRMB8GA1UdIwQY
MBaAFH+0PeI3/QtqKHOJIwkh0losLtGoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjdROTRqZjlDMm9vYzRrakNTSFNXaXd1MGFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kNGQxMmEtYWI0ZS00ZGJhLTk1ZGUt
YmM2MzcxMzBkZTZlLzEvSXgwVFQ1SXJtS0QyMjZyQkducnd4SktNUVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kNGQxMmEtYWI0ZS00ZGJhLTk1ZGUtYmM2MzcxMzBkZTZl
LzEvZjdROTRqZjlDMm9vYzRrakNTSFNXaXd1MGFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAZs
MA0GCSqGSIb3DQEBCwUAA4IBAQCVSFYt1Nilvsl0qBqIPiPb6e4cSi1bI5Cjioso
w+VDGkQBM+Qe+xrG5tnpb8YpvMhvtTLJg2lu5XlsvMUsQ59CpoXH8p0I59paqniR
b0XkAEaYuH/b/Yy74ngfpNUXdvb1QFeLxiTRUMaoTRDLz1AnjK2c80eB2Hi6tGuz
4afOf1JxHhb20ACSNdNp7eude55bDiPkMtxPOv/2kEAZDPcq4AHnknzSN6Jx1xy4
u/axsAJe+A+/QWXpjPd4nGCZc/z10IR1czpeKfv8bPjldukZs4RXCeT9+jJ7EX3Z
2Zc+53ixeUYdLa1ykWtMSn8y73juz3n41ablD3dXxh4q9D5h
-----END CERTIFICATE-----